Outlook (Live Search) Setup for Enterprise Search

System Overview

Microsoft Outlook (as part of Microsoft 365) is your organization's primary hub for email communication and calendar management. From an enterprise search perspective, Outlook is a critical system for knowledge available in emails, attachments, and meeting details. Moveworks connects to Outlook via Microsoft Graph APIs to perform live search across email content, returning results based on each user's permissions, without storing or indexing any mailbox data.

Authentication

Authentication is accomplished by creating and registering an Azure App Registration. Live search uses the following approach:

  • Uses delegated OAuth with a separate Azure App Registration and client secret
  • End users sign in and provide consent for the first time; Moveworks then searches only the emails they can access in Outlook
  • No enterprise-wide indexing of Outlook content occurs

Permissions Enforcement

Live Search: Results are retrieved on behalf of the signed-in user using their delegated token, so source-system permissions are inherently enforced.

API Usage

Moveworks uses the standard Graph API v1.0 to perform live search from Outlook. We use only delegated permissions with admin-granted access for live search.

Content Types

Live Search (SharePoint Online & OneDrive)

  • On-demand results from the signed-in user’s accessible Outlook emails
  • Not indexed into the enterprise corpus; fetched at query time after user consent
  • Note: Currently, calendar events are not supported in live search

Access Requirements

Pre-requisites

Before you get started, make sure you have everything you need:

  • Admin roles
    • Global Admin permissions to create App registrations and grant admin consent
  • Environment details
    • Cloud environment: Commercial or GOV L4

Understanding Permissions Scopes required for Enterprise Search

  • Mail.Read: Required to read the user’s email messages.
  • Calendars.Read: Required to read the user’s calendar events.
  • User.Read: Required to view information about users.

Instructions for Outlook Live Search

1. Register a new App

  1. Sign in to the Azure portal

  2. Select Microsoft Entra ID > Manage > App registrations > New registration

  3. On the Register an application page, register an app with the following details

    Field: Value

    • Name: Moveworks
    • Supported account types: Accounts in this organizational directory only (Single tenant)
    • Redirect URI:
      • Platform: Web
      • URI value: https://<your_org>.moveworks.io/auth/oauthCallback

  4. From the overview page, note down the following values:

    1. Directory (tenant) ID
    2. Application (client) ID

2. Add Client Credentials

  1. From the overview page, click the Add a certificate or secret link (alternatively, go to Manage > Certificates and Secrets in the left sidebar)

  2. Click the New client secret button

  3. Add a description, select your desired expiry period for the secret, and click the Add button

  4. Click the Copy button and save the value of the secret, as it is shown only once

3. Add Application API permissions & grant admin consent

  1. Open the App Registration you created above and click on Manage > API Permissions

  2. Click Add a permission

  3. This will open a panel on the right side:

  4. Select Microsoft Graph

  5. Choose Delegated permissions

  6. A search bar will appear


  7. Search for the permissions you need to grant (noted above) and check the box for each

  8. Once they’ve all been checked, click Add permissions

  9. You’ll now see that all the newly added permissions have a status of “Not granted for” your organization

  10. To complete the process, click Grant admin consent for your organization

  11. If this panel appears, click Yes, add other granted permissions to configured permissions then Save and continue, then Grant admin consent, and then Yes

  12. You will see green checkmarks on the newly added permissions if this was successful
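
A check you can run once the registration is complete, added here as an example (it is not Moveworks or Microsoft code): it audits a Microsoft Graph application object and its oauth2PermissionGrants against the settings in steps 1 to 3, namely single tenant, the one redirect URI, delegated permissions only, an unexpired secret, and no scopes beyond the three listed above. The sample objects, the "example-org" hostname and the angle-bracket ids are constructed placeholders.

```python
from datetime import datetime, timezone

# Delegated scopes this page lists for Outlook live search.
EXPECTED_SCOPES = {"Mail.Read", "Calendars.Read", "User.Read"}

def audit_registration(app, grants, redirect_uri, now):
    """Return findings for a Graph application object and its oauth2PermissionGrants."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # single-tenant value
        findings.append("not single tenant: %s" % app.get("signInAudience"))
    for uri in app.get("web", {}).get("redirectUris", []):
        if uri != redirect_uri:
            findings.append("unexpected redirect URI: %s" % uri)
    for res in app.get("requiredResourceAccess", []):
        for access in res.get("resourceAccess", []):
            if access.get("type") == "Role":  # application (app-only) permission
                findings.append("application permission configured: %s" % access.get("id"))
    for cred in app.get("passwordCredentials", []):
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        if end <= now:
            findings.append("client secret expired: %s" % cred.get("displayName"))
    for grant in grants:
        extra = set(grant.get("scope", "").split()) - EXPECTED_SCOPES
        if extra:
            findings.append("extra delegated scopes: %s" % ", ".join(sorted(extra)))
    return findings

# Constructed sample data (not from a real tenant); "example-org" is a placeholder.
REDIRECT = "https://example-org.moveworks.io/auth/oauthCallback"
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE_APP = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": [REDIRECT, "http://localhost:8080/callback"]},
    "requiredResourceAccess": [{"resourceAppId": "<graph-app-id>", "resourceAccess": [
        {"id": "<delegated-permission-id>", "type": "Scope"},
        {"id": "<app-role-id>", "type": "Role"}]}],
    "passwordCredentials": [{"displayName": "moveworks-secret",
                             "endDateTime": "2025-01-01T00:00:00Z"}],
}
SAMPLE_GRANTS = [{"consentType": "AllPrincipals",
                  "scope": "Mail.Read User.Read Mail.ReadWrite"}]

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_APP, SAMPLE_GRANTS, REDIRECT, NOW):
        print(finding)
```

An empty result means the registration matches the settings in this guide; each finding names the setting that drifted.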


Setup in Moveworks

  1. Log in to your org's MyMoveworks portal

  2. Navigate to Moveworks Setup > Connectors > Built-in Connectors

  3. Click Create New

  4. Search and Select Outlook (Next Gen)

  5. Click on Next: Add Creds

  6. Input the following details (copied from steps above)

    1. Connector Name: Name this connector for your future reference. Once set, this name cannot be changed

    2. Application (Client) ID: The unique identifier for your Azure app registration

    3. Application Client Secret: The secret key for your Azure app to authenticate with Microsoft Graph APIs

    4. Tenant (directory) ID: Your organization's unique Azure Active Directory identifier

    5. Region (optional): Select an option that will be used to establish the base URL. If no selection is made, the default option is Commercial. If GOV L4 is selected, a .us token URL will be created

    6. Click Save. This connector will now be used to configure live search from Outlook. Refer to the steps mentioned below


Configuring Outlook for Enterprise Search

Initialising setup

  1. Log in to your org's MyMoveworks portal

  2. Navigate to Moveworks Setup > Answers > Ingestion > Enterprise Search

  3. Click on Create New or Get Started

  4. Select Outlook from the dropdown list and click on the Get Started button

  5. System Overview: This presents an overview of Outlook support from Moveworks

    1. Ingestion Summary: Not applicable for Live Search systems

    2. Connector Selection: In this configuration block, you are required to select the required connector to enable Moveworks to connect and fetch data or enable live search

    3. Content Selection: In this configuration block, you are required to define the content that should be ingested within Moveworks


Connector Selection and Validation

  1. Once you click on Select Connector, a connector setup screen will appear as follows

  2. Select the connector (from the dropdown) that you have created in the Connector Creation step

    📘 Please note: Only the Outlook connectors will appear in this list.

  3. Once the connector is selected, you need to click on Start Validation to validate the connector credentials and required scope

    📘 Connector Validation

    This is a mandatory step in order to save the configuration and move to the next step.

    Moveworks validates the selected connector to check:

    • Content: Moveworks validates whether the connector has the right scopes to fetch content

  4. If the connector is validated successfully, you will see a green info banner as follows

  5. If there are any credentials or scope issues, you will receive an error message as follows. Click on View Details to identify the issue. Refer to this step-by-step troubleshooting guide (link to be added) to rectify any validation errors

  6. Once the connector is validated successfully, you will be able to Save the configuration

  7. Input the unique configuration name and Save

  8. Once the configuration is saved, you can view the unique configuration name at the top of the screen. You can also click the pencil 🖊️ icon to edit the configuration name

  9. Additionally, you will see a banner at the top of the screen with an Enable Live Search button. Click it to activate the Slack Live Search feature for your Enterprise Search web application

  10. Additionally, you will start seeing an entry for your configuration on the Enterprise Search home page. You can click on your configuration to edit or complete it


Connector Troubleshooting Guide